diff --git a/network/manifests/init.pp b/network/manifests/init.pp
new file mode 100644
index 0000000..718aa96
--- /dev/null
+++ b/network/manifests/init.pp
@@ -0,0 +1,361 @@
+
+# Class which restarts networking if needed.
+#
+# This class is automatically included when needed.
+#
+class network::helper::restart {
+ case $operatingsystem {
+ centos,fedora: {
+ exec { "restart-network":
+ command => "/sbin/service network restart",
+ path => "/bin:/usr/bin:/sbin:/usr/sbin",
+ refreshonly => true,
+ }
+ }
+ openbsd: {
+ exec { "restart-network":
+ command => "/bin/sh /etc/netstart",
+ path => "/bin:/usr/bin:/sbin:/usr/sbin",
+ refreshonly => true,
+ }
+ }
+ }
+}
+
+
+# Configure interface.
+#
+# === Parameters
+#
+# $name:
+# Network device name.
+# $ipaddr:
+# IP address for interface. Use dhcp for DHCP configuration and none
+# if interface just needs to be brought up.
+# $netmask:
+# Netmask for interface. Required only when $ipaddr is used.
+# $options:
+# Custom options for interface (used only on OpenBSD).
+#
+# === Sample usage
+#
+# network::interface { "eth0":
+# ipaddr => "10.10.120.6",
+# netmask => "255.255.0.0",
+# }
+#
+define network::interface($options = [], $ipaddr = "none", $netmask = "none") {
+
+ include network::helper::restart
+
+ # try to determine boot protocol from ip address
+ case $ipaddr {
+ dhcp: { $proto = "dhcp" }
+ none: { $proto = "none" }
+ default: {
+ $proto = "static"
+ case $netmask {
+ none: { fail("Netmask must be defined with ip address") }
+ }
+ }
+ }
+
+ case $operatingsystem {
+ openbsd: {
+ file { "/etc/hostname.${name}":
+ ensure => present,
+ content => $proto ? {
+ none => "up\n",
+ default => template("network/hostname.if.erb"),
+ },
+ mode => 0600,
+ owner => root,
+ group => wheel,
+ notify => Exec["restart-network"],
+ }
+ }
+ centos,fedora: {
+ file { "/etc/sysconfig/network-scripts/ifcfg-${name}":
+ ensure => present,
+ content => template("network/ifcfg-if.erb"),
+ mode => 0644,
+ owner => root,
+ group => root,
+ notify => Exec["restart-interface-${name}"],
+ }
+ exec { "restart-interface-${name}":
+ command => "ifdown ${name} && ifup ${name}",
+ path => "/bin:/usr/bin:/sbin:/usr/sbin",
+ user => root,
+ refreshonly => true,
+ require => File["/etc/sysconfig/network-scripts/ifcfg-${name}"],
+ }
+ }
+ default: {
+ fail("Network module not supported in ${operatingsystem}")
+ }
+ }
+
+}
+
+
+# Configure static or default route.
+#
+# === Parameters
+#
+# $name:
+# Destination network or default for default route.
+# $gateway:
+# Gateway address.
+# $device:
+# Interface to use for this route.
+#
+define network::route($gateway, $device) {
+
+ case $name {
+ "default": {
+ case $operatingsystem {
+ centos,fedora: {
+ include network::helper::restart
+ augeas { "set-default-route":
+ context => "/files/etc/sysconfig/network",
+ changes => [ "set GATEWAY ${gateway}",
+ "set GATEWAYDEV ${device}", ],
+ notify => Exec["restart-network"],
+ }
+ }
+ openbsd: {
+ include network::helper::restart
+ file { "/etc/mygate":
+ ensure => present,
+ content => "${gateway}\n",
+ mode => 644,
+ owner => root,
+ group => wheel,
+ notify => Exec["restart-network"],
+ }
+ }
+ default: {
+ fail("Network module not supported in ${operatingsystem}")
+ }
+ }
+ }
+ default: { fail("Only default routes are currently supported") }
+ }
+
+}
+
+
+# Configure CARP interface
+#
+# === Parameters
+#
+# $name:
+# CARP VHID
+# $password:
+# Password for authenticating CARP advertisements.
+# $ipaddr:
+# -
+# $netmask:
+# -
+# $options:
+# Extra options for interface.
+#
+# === Sample usage
+#
+# network::carp { "1":
+# ipaddr => "192.168.1.1",
+# netmask => "255.255.255.0",
+# password => "secret",
+# }
+#
+define network::carp($password, $ipaddr, $netmask, $options = []) {
+ case $operatingsystem {
+ openbsd: {
+ network::interface { "carp${name}":
+ ipaddr => "${ipaddr}",
+ netmask => "${netmask}",
+ options => [ "vhid ${name}", "pass ${password}", $options ],
+ }
+ }
+ centos,fedora: {
+ include network::ucarp
+ file { "/etc/ucarp/vip-${name}.conf":
+ ensure => present,
+ content => template("network/vip.conf.erb"),
+ mode => 0600,
+ owner => root,
+ group => root,
+ require => Package["ucarp"],
+ notify => Service["ucarp"],
+ }
+ }
+ default: {
+ fail("Network module not supported in ${operatingsystem}")
+ }
+ }
+}
+
+
+# Install uCARP[http://www.ucarp.org] daemon on host.
+#
+# This class is automatically included by network::carp when needed.
+#
+class network::ucarp {
+ package { "ucarp":
+ ensure => installed,
+ }
+ service { "ucarp":
+ ensure => running,
+ enable => true,
+ hasstatus => true,
+ require => Package["ucarp"],
+ }
+}
+
+
+# Configure PPPoE interface.
+#
+# === Parameters
+#
+# $name:
+# PPPoE device name.
+# $device:
+# Physical interface name.
+# $username:
+# Username to use for connection.
+# $password:
+# Password to use for connection.
+# $authtype:
+# Authentication method to use. Defaults to PAP.
+#
+define network::pppoe($username, $password, $device, $authtype = "pap") {
+
+ include network::helper::restart
+
+ case $operatingsystem {
+ openbsd: {
+ file { "/etc/hostname.${name}":
+ ensure => present,
+ content => template("network/hostname.pppoe.erb"),
+ mode => 0600,
+ owner => root,
+ group => wheel,
+ notify => Exec["restart-network"],
+ }
+ }
+ default: {
+ fail("Network module not supported in ${operatingsystem}")
+ }
+ }
+
+}
+
+
+# Configure trunk (bonded) interface.
+#
+# === Parameters
+#
+# $name:
+# Trunk device name.
+# $devices:
+# Physical network devices to use.
+# $ipaddr:
+# -
+# $netmask:
+# -
+#
+# === Sample usage
+#
+# network::trunk { "bond0":
+# devices => [ "eth0", "eth1", ]
+# ipaddr => "10.10.120.6",
+# netmask => "255.255.0.0",
+# }
+#
+define network::trunk($devices, $mode = 0, $ipaddr = "none", $netmask = "none") {
+ case $operatingsystem {
+ centos,fedora: {
+ file { "/etc/modprobe.d/${name}.conf":
+ ensure => present,
+ content => "alias ${name} bonding\noptions ${name} miimon=100 mode=${mode}\n",
+ mode => 0644,
+ owner => root,
+ group => root,
+ }
+ network::interface { $devices:
+ options => [ "MASTER=${name}", "SLAVE=yes", ],
+ require => File["/etc/modprobe.d/${name}.conf"],
+ before => Network::Interface["${name}"],
+ }
+ network::interface { $name:
+ ipaddr => "${ipaddr}",
+ netmask => "${netmask}",
+ }
+ }
+ default: {
+ fail("Network module not supported in ${operatingsystem}")
+ }
+ }
+}
+
+
+# Enable VLAN support for host.
+#
+# This class is automatically included when needed.
+#
+class network::helper::vlan {
+ case $operatingsystem {
+ centos,fedora: {
+ augeas { "enable-vlan-support":
+ context => "/files/etc/sysconfig/network",
+ changes => "set VLAN yes",
+ }
+ }
+ }
+}
+
+
+# Configure VLAN interface.
+#
+# === Parameters
+#
+# $name:
+# VLAN tag.
+# $device:
+# Physical network device to use.
+# $ipaddr:
+# -
+# $netmask:
+# -
+#
+# === Sample usage
+#
+# network::vlan { "1":
+# device => "eth0",
+# ipaddr => "10.10.120.6",
+# netmask => "255.255.0.0",
+# }
+#
+define network::vlan($device, $ipaddr = "none", $netmask = "none") {
+ case $operatingsystem {
+ openbsd: {
+ network::interface { "vlan${name}":
+ options => [ "vlandev ${device}" ],
+ ipaddr => $ipaddr,
+ netmask => $netmask,
+ }
+ }
+ centos,fedora: {
+ include network::helper::vlan
+ network::interface { "${device}.${name}":
+ ipaddr => $ipaddr,
+ netmask => $netmask,
+ require => Augeas["enable-vlan-support"],
+ }
+ }
+ default: {
+ fail("Network module not supported in ${operatingsystem}")
+ }
+ }
+}
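Review bot: In network::interface the resource title goes straight into a root shell command, `command => "ifdown ${name} && ifup ${name}"`, and into the path `/etc/sysconfig/network-scripts/ifcfg-${name}`, with nothing checking what it contains. If titles can ever come from data that is not fully trusted (an ENC, exported resources), shell metacharacters or a `/` in the title change what runs or which file is written. A guard at the top of the define such as `if $name !~ /^[A-Za-z0-9_.:-]+$/ { fail("Invalid interface name: ${name}") }` would reject those; the same concern applies to `${name}` in network::trunk's `/etc/modprobe.d/${name}.conf` and to the unquoted values ifcfg-if.erb writes into a file that the initscripts source as shell. Separately, `/etc/mygate` is declared with `mode => 644` while every other file in the manifest uses a leading-zero mode, so `mode => 0644` would keep them consistent.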
diff --git a/network/templates/hostname.if.erb b/network/templates/hostname.if.erb
new file mode 100644
index 0000000..1de93a3
--- /dev/null
+++ b/network/templates/hostname.if.erb
@@ -0,0 +1,6 @@
+<% if proto == 'dhcp' -%>
+dhcp NONE NONE NONE<% options.each do |val| -%> <%= val -%><% end -%>
+<% else -%>
+inet <%= ipaddr -%> <%= netmask -%> NONE<% options.each do |val| -%> <%= val -%><% end -%>
+<% end -%>
+
diff --git a/network/templates/hostname.pppoe.erb b/network/templates/hostname.pppoe.erb
new file mode 100644
index 0000000..268f8b8
--- /dev/null
+++ b/network/templates/hostname.pppoe.erb
@@ -0,0 +1,3 @@
+inet 0.0.0.0 255.255.255.255 NONE pppoedev <%= device -%> authproto <%= authtype -%> authname '<%= username -%>' authkey '<%= password %>' up
+dest 0.0.0.1
+!/sbin/route add default -ifp pppoe0 0.0.0.1
diff --git a/network/templates/ifcfg-if.erb b/network/templates/ifcfg-if.erb
new file mode 100644
index 0000000..1767d7e
--- /dev/null
+++ b/network/templates/ifcfg-if.erb
@@ -0,0 +1,23 @@
+DEVICE=<%= name %>
+<% if name !~ /bond[0-9]/ && has_variable?("macaddress_" + name) -%>
+HWADDR=<%= scope.lookupvar("macaddress_" + name) %>
+<% end -%>
+ONBOOT=yes
+BOOTPROTO=<%= proto %>
+<% if proto == 'none' -%>
+IPV6INIT=no
+<% end -%>
+<% if ipaddr != 'none' -%>
+IPADDR=<%= ipaddr %>
+<% end -%>
+<% if netmask != 'none' -%>
+NETMASK=<%= netmask %>
+<% end -%>
+<% if proto == 'dhcp' -%>
+DHCPCLASS=
+PERSISTENT_DHCLIENT=yes
+NOZEROCONF=yes
+<% end -%>
+<% options.each do |val| -%>
+<%= val %>
+<% end -%>
diff --git a/network/templates/vip.conf.erb b/network/templates/vip.conf.erb
new file mode 100644
index 0000000..10c0e6a
--- /dev/null
+++ b/network/templates/vip.conf.erb
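Review bot: The last line of hostname.pppoe.erb hard-codes the device, `!/sbin/route add default -ifp pppoe0 0.0.0.1`, while network::pppoe writes this template to `/etc/hostname.${name}` for whatever title it is given, so any title other than pppoe0 gets a default route bound to the wrong interface; `-ifp <%= name %>` would keep the two in step. On the first line, `authname '<%= username -%>' authkey '<%= password %>'` relies on neither value containing a single quote, which the define does not check. Because this file carries the PPPoE secret, it is also worth confirming that Puppet's content diff for it does not end up in agent logs or reports.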
@@ -0,0 +1,14 @@
+# Virtual IP configuration file for UCARP
+# The number (from 001 to 255) in the name of the file is the identifier
+
+# In the simple scenario, you want a single virtual IP address from the _same_
+# network to be taken over by one of the routers.
+VIP_ADDRESS="<%= ipaddr -%>"
+SOURCE_ADDRESS="<%= ipaddress %>"
+
+# In more complex scenarios, check the "vip-common" file for values to override
+# and how to add options.
+PASSWORD="<%= password -%>"
+
+# Extra options.
+OPTIONS="<% options.each do |val| -%> <%= val %><% end -%>"
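Review bot: `PASSWORD="<%= password -%>"` puts the CARP secret inside double quotes in what looks like a shell-style KEY="value" file; if the ucarp init script sources it, a password containing `"`, `$`, a backtick or a backslash is either corrupted or expanded by the shell. network::carp places no restriction on `$password`, so either validate it there or emit the value single-quoted with embedded quotes escaped; the same holds for `VIP_ADDRESS` and the `OPTIONS` entries. `SOURCE_ADDRESS="<%= ipaddress %>"` takes the host's primary-address fact, which presumably is only right when the VIP sits on that same network, and a template comment stating that assumption would help.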